NFTs (Non-fungible Tokens) continue to grow in popularity, but the inherent misalignments in speed between legislation and innovation present a major challenge. NFT project developers, companies interested in using NFTs as an entry point into the web3 world and other stakeholders face legal challenges regarding regulatory matters, aligning these projects with more traditional legal requirements (such as eCommerce related consumer laws) and potential IP (Intellectual Property) breaches.

Although there are few legal precedents for NFTs, it is important to carefully research the legal position at the commencement of an NFT project. It’s also key to have a high level overview of the main difficulties that can be encountered, including regulatory implications in contracting, IP protection, data privacy, financial regulation, gambling laws, marketing laws and consumer protection, among others. This article shares some tips on navigating that journey for the successful launch of an NFT project.

Getting started

Although the industry is no longer new, non-technical information continues to be rare and NFTs can be a confusing subject. It is therefore important to carefully plan pre-launch considerations, ensuring that any NFT related activity is fully aligned with the priorities, values and vision of the company.

The first step is identifying the basic elements of the NFT: project scope, objectives, nature, concept and use.

NFTs typically revolve around creation, ownership and exchange of unique digital assets – namely, the tokens – that can be linked with a variety of artistic forms (art, music, videos, collectives, in-game items, etc). NFTs are built on blockchain technology, which grants authenticity and scarcity to these digital assets.

Objectives and uses can vary in form and serve many purposes: art, in-game items, digital fashion, events and other utilities. However, it is important to have in mind different aspects:

  • The substantial differences between the NFT and the tokenized assets, for example art. Asset tokenization is the process which ties rights to a certain object represented by tokens, and records them in the blockchain. NFTs, unless agreed otherwise, do not give a person rights to the asset but to the metadata. In plain words this means that for NFTs the purchaser obtains the piece of code, but not necessarily the copyright to the art or the physical copy of it.
  • the transfer of, or ability to exploit, IP rights via NFT is possible, but that has to be written in a smart contract and coded into the NFT.

Finally, it must be noted that there is no homogeneous legal regime applicable to NFTs, but a range of applicable legal frameworks depending on, for instance, the use case or targeted jurisdiction. Once the purpose of launching the NFTs is clearly identified and the use case is determined, a company is ready to anticipate the possible risks associated with this activity.

Implementing the NFT project: The Role of Legal

As regulatory requirements evolve, companies looking to engage in the NFT ecosystem should be ready to pivot their strategy and adapt to legal risk. This subject area is difficult to define in its legal nature, and regulation is often problematic to apply.

When carrying out pre-project legal due diligence, some of the most important issues are determining possible rights in the NFT and underlying asset, clearly defining the customer’s NFT journey, identifying key third party partners (e.g., service providers helping to develop the NFT project, digital wallet providers, crypto custodians), deciding the market in which NFTs will be commercialized (primary v. secondary) and reviewing existing contracts.

Some key legal topics to address include the following: 

  • Will the company develop the NFTs or will it leverage a third party to do so? Which part of the NFT “supply chain” will be handled by this third party?
  • Is third party material used to create the underlying asset (e.g., third party IP-protected material)?
  • In which country and via which platform will the NFTs be distributed?
  • Will NFTs be sold to the general public? Is it necessary to comply with consumer related legislation that makes it necessary, for instance, to implement greater transparency standards or specific guarantees?
  • Is there any advertising activity around the NFTs that requires further consideration?
  • Are NFTs the outcome of a sweepstake / lottery or other competition?
  • Do NFTs give any right to participate in, for instance, a web3 governance mechanism (“baby NFTs”) that makes it necessary to properly establish the functioning of the “Decentralized Autonomous Organization” or “Centralized Organization”?
  • Is the corporate structure compatible with the NFT project? Should the company consider using fiduciary entities or incorporating new companies?
  • Is there any risk of NFTs being considered as securities under financial sector regulation? Is there any Know Your Client or Anti-Money Laundering procedure the company should implement?
  • How will the NFTs, or the income obtained from their commercialization, be considered from a tax perspective?  
  • What utilities (merchandise, event participation, etc.) and customizations will be accessible to the NFT holders and what are the legal consequences?
  • Does the language in the smart contract adequately detail the terms not only for the current sale, but also for any future transactions, including compatibility with the platform where resale will occur?

These issues acquire another layer of complexity when taking into account other ecosystem stakeholders such as digital wallet providers, crypto custodians, crypto-exchanges or NFT marketplaces. The role of legal therefore has a special relevance, not only in the implementation of the project, but also in its design.

Developing legal best practices for NFT projects

Developing legal best practice for NFT projects requires careful consideration and knowledge of several crucial factors to build strong foundations, embedding the development of best practice as an integral part of the company’s NFT initiatives.

Firstly, creating an NFT ‘toolkit’ can be helpful for newcomers to the ecosystem who may not be familiar with the technology and ensure that all divisions of the company (e.g., legal, marketing, IT) are on the same page. This toolkit should include information on what NFTs are, how to create and promote them, and which platforms to sell them on.

Secondly, it is important to prepare and periodically review project milestones and roadmaps to ensure that the project is on track and meeting its goals. This can involve defining the project’s vision and goals, developing a tokenomics model, and creating a project timeline. An additional compelling proposal is investing in the NFT code itself. This means ensuring that the code is secure, reliable, and scalable to meet the demands of the project.

Post launch considerations

Once the NFT has already been made available to the public, the company may wish to consider a few main aspects.

  • Be aware of possible deviations from the standard sale process. The type of contract and/or the contractual basis on which the asset is based, as well as possible withdrawal rights of third parties, should be taken into account. It’s essential that there is strong and transparent communication across stakeholders to ensure no unwanted effects.
  • Look carefully at all the additional features, products and events that the NFT is connected with. Some events are highly (and differently) regulated across countries, such as sweepstakes, “airdrops” or rights of access to goods and services, which may trigger different registration and notification obligations.
  • It is necessary to establish a proper procedure for potential claims or exercise of rights against the company, depending on the use case – for example, consumer law related liability or the exercise of rights under data protection legislation.

Finally, it is worth periodically evaluating the success of the project in terms of resources devoted, business impact and, of course, associated legal risks.


Florian Tannen is a partner in the Munich office of Baker McKenzie. He advises on all areas of contentious and non-contentious information technology law, including internet, computer/software and data privacy law.


Ruben is an associate in our Madrid office.